CVE-2012-0358
Summary
| CVE | CVE-2012-0358 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-03-15 00:55:00 UTC |
| Updated | 2023-08-15 14:41:00 UTC |
| Description | Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco ASA Clientless VPN ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| US-CERT Vulnerability Note VU#339177 - Cisco AnyConnect Clientless SSL VPN Portforwarder ActiveX control buffer overflow | CERT-VN | www.kb.cert.org | US Government Resource |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.